Disable PatchGuard and Driver Signature Enforcement at boot time
EfiGuardDxe
EfiGuardDxe
now correctly clears and restores CR4.CET
along with CR0.WP
if needed.
As a result of this, EfiGuard can now also disable write protection during copies from its runtime SetVariable
hook, which it previously did not do due to the potential for conflicts with CET.Loader
Loader.config.efi
, you can now access this functionality by pressing the <HOME>
key when prompted.EfiDSEFix
EfiDSEFix
will now acquire SE_DEBUG_PRIVILEGE
before attempting to query kernel modules. (#97)
This is another compatibility fix for Windows Insider that will likely be required in future versions of Windows.EfiGuardDxe
CR0.WP
if needed. This is in anticipation of the new EFI_MEMORY_ATTRIBUTE_PROTOCOL
introduced in UEFI 2.10.Loader
EfiDSEFix
EfiDSEFix -i
now prints currently enabled code integrity and VBS options and flags.-r
command to read the current value of g_CiOptions
without writing to it.EfiDSEFix -d
and EfiDSEFix -c
now verify that VBS is disabled before proceeding. Note that VBS being enabled most likely indicates that EfiGuardDxe was simply never loaded, so this is mostly a precaution.EfiDSEFix
on older versions of Windows 10.There were no changes to EfiGuardDxe or the loader in this update.
EfiDSEFix -d
on Windows 10 systems with KB5003173 (May 2021 update) applied would cause a BSOD.There were no changes to EfiGuardDxe or the loader in this update.
SeCodeIntegrityQueryInformation
signature for Windows 10 20H1 preview.Loader.efi
.EfiDSEFix -e
not re-enabling DSE on Windows 8 and higher unless the value was manually specified.First public release